Within OS X, the utility Disk Utility has a secure erase for hard drive formatting. It has 1, 7, and 33 pass options, which to my knowledge are very good at writing random data to the drive. What does OS X not do that other commercial products do? What makes more advanced software a much better secure erase solution?

4 Answers
4

(Don't believe it? Contact a reputable data-recovery firm and price a recovery from a true single-pass surface wipe. If you have data that someone -- anyone! -- would realistically be willing to pay the quoted price to recover, consider something more rigorous, like maybe a three-pass wipe.)

Just to support this answer, read the epilogue to Gutmann's paper at cs.auckland.ac.nz/~pgut001/pubs/secure_del.html. It was Gutmann's paper Secure Deletion of Data from Magnetic and Solid-State Memory that inspired all the high-priced snake oil "secure deletion" applications. In the epilogue, he states, "For any modern PRML/EPRML drive, a few passes of random scrubbing is the best you can do."
– Richard Hoskins, Aug 12 '09 at 5:02

A single erase pass is enough on modern GMR drives. The 395 pass DOD-top-secret-super-duper-mega-security stuff is partly from a requirement of ancient MFM drives with poor head tracking, but is mostly marketing spin.

OS X does use DOD wipe, but they are not big on giving any kind of legal protection with it. It is free and the support and backing of it represent that. So yes, it works and using it would provide enough legal protection. That said, there are other tools out there if you are looking into being profoundly thorough.

As for other products, DBAN, EBAN, White Canyon, etc. I typically remove the hard disk from the Mac and kill the data on a guinea pig PC. With that I have many more options for testing hard disks and wiping the data.

Single pass myths are myths. After I used a magnetic force microscope, it is clear even the new drives show their old tracks.

The nicer you can make that polished turd look, the more people will spend on it. :)

All wipe algorithms are essentially the same. You may get some fancy random ones, but they all accomplish the same goal. I personally use DBAN, but writing zeros to a disk is writing zeros to a disk no matter how you look at it.

Well, there's actually a (small) difference between writing random data and writing zeros to a disk: Plausible deniability. A disk consisting of zeros easily reveals the fact that it was erased on purpose, while the random data don't.
– TFM, Aug 12 '09 at 11:42
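The zero-versus-random distinction raised above is something you can check after a wipe. The following is an added example, not code from any of the posters: it surveys a disk image block by block and reports whether it looks zero-wiped, random-wiped, or still holds leftover data. The 4 KiB block size, the 7.5 bits/byte threshold and all function names are assumptions, and the sample image is constructed.

```python
import io
import math

BLOCK = 4096  # assumed sample size; image length is assumed to be a multiple of it


def entropy(block: bytes) -> float:
    """Shannon entropy in bits per byte: 0.0 for constant data, near 8.0 for random."""
    n = len(block)
    counts = [block.count(v) for v in set(block)]
    return -sum(c / n * math.log2(c / n) for c in counts)


def classify(block: bytes) -> str:
    if not any(block):
        return "zero"
    # 4 KiB of uniform random bytes measures about 7.95 bits/byte; anything
    # clearly below that (text, file headers, fixed patterns) counts as residual.
    return "random" if entropy(block) >= 7.5 else "residual"


def survey(stream, block_size: int = BLOCK):
    """Return (tally of block classes, byte offsets of blocks that look like leftover data)."""
    tally = {"zero": 0, "random": 0, "residual": 0}
    leftovers = []
    offset = 0
    while block := stream.read(block_size):
        kind = classify(block)
        tally[kind] += 1
        if kind == "residual":
            leftovers.append(offset)
        offset += len(block)
    return tally, leftovers


def verdict(tally) -> str:
    if not any(tally.values()):
        return "empty"
    if tally["residual"]:
        return "incomplete"
    if tally["zero"] and tally["random"]:
        return "mixed"
    return "zero-wiped" if tally["zero"] else "random-wiped"


if __name__ == "__main__":
    # Constructed sample: a zero-filled image with one block the wipe missed.
    missed = (b"constructed leftover record\n" * 200)[:BLOCK]
    image = io.BytesIO(bytes(BLOCK * 3) + missed + bytes(BLOCK * 4))
    tally, leftovers = survey(image)
    print(verdict(tally), tally, leftovers)
```

A "random-wiped" verdict only says the blocks are high-entropy: encrypted or compressed data measures the same, so this check confirms coverage of a wipe you ran, not the absence of ciphertext.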